Include paths can be signed as system header paths. The convention is not to give any diagnostic reports in these system headers by any analyzer tools. ClangSA gives reports in system header by default, but this patch introduces an analyzer config option which prevents this default behavior.
Diff Detail
Event Timeline
clang/lib/StaticAnalyzer/Core/BugReporter.cpp | ||
---|---|---|
2831 | How to interpret this comment? Better would be "Report bugs in system headers only if this option is turned on.". |
This patch only affects path-insensitive checkers. For such checkers disabling the analysis entirely (i.e., not calling checkASTCodeBody in system headers) would probably make more sense.
For some discussion about path-sensitive checkers see https://bugs.llvm.org/show_bug.cgi?id=44065.
This patch only affects path-insensitive checkers.
Wait, no, i'm wrong, there's a fall-through there. So just see that thread.
clang/lib/StaticAnalyzer/Core/BugReporter.cpp | ||
---|---|---|
2831 | I agree with @balazske. The goal of system headers is to provide a set of simple data structures and algorithms to be reused in programs. This comment should be rephrased.. | |
clang/test/Analysis/system-header.c | ||
2 | I think you could simply use -isystem %S/Inputs and the use a function in system-header-simulator.h. I do not think that we need to add extra directory to test this. |
I think this patch does not disable them only allows the user to disable them since it adds an option to enable such warnings with default value true. Thus they are enabled by default, thus nothing changes in the default behavior. However, if a user decides to hide such warnings this patch allows this.
@balazske Alright, I rephrased it according to your suggestion.
@baloghadamsoftware I needed a header file which has a bug inside and also not indicated with "expected-warning" in order to properly test that the report is suppressed in a system header. However, it's true that an extra directory is not necessary, so I moved my header file to "Inputs" directory.
@NoQ Thanks for the attached ticket. Now I can see that this is a conscious decision emitting reports even in system headers. And I agree that most of the times a bug can be the caller's fault even if the report is in a system header. On the other hand in the projects this is the reason for adding 3pp libraries via -isystem flag to the compiler so that no analyzer tool reports any warnings on these files. That's why I thought binding this behavior to an analyzer option, just like clang-tidy does with --system-headers flag.
Are you sure that you need the bug to be inside? Or just an error caused from outside appearing inside?
@baloghadamsoftware You're right, but I couldn't find a header file which (1) contains a bug which ClangSA reports, (2) is not an "expected-warning", (3) is inside an already existing directory so it could be considered a system header.
@Szelethus WDYT about, like, generally, suppressing reports when there exists a common ancestor stack frame to all interesting stack frames and unprunable diagnostic pieces that resides in the system header?
What a tongue twister of a sentence :)
The point is to prove, or at the very least guess whether the problem originated from a system header?
What do you mean under ancestor stack frame? That all other interesting stack frames are nested in it, or that its present before any other stack frame in the bug report?
[...] unprunable diagnostic pieces that resides in the system header?
Is this about finding a *part of the bug report* that is in a system header rather than the actual warning? Isn't this patch about the latter?
I failed to come up with an example that fits your description, could you help me out with one please? :)
Eg., suppress this report:
// system_header.h int bar() { int *x = NULL; return *x; } // user_file.c void foo() { bar(); }
but don't suppress this report:
// system_header.h int bar(int *x) { return *x; } // user_file.c void foo() { int *y = NULL; bar(y); }
In the first example there are two interesting events: (1) x = NULL, (2) return *x but both of them are in the system header. In the second example the interesting event (1) y = NULL is not in the system header, so the report remains.
That all other interesting stack frames are nested in it
I think this is the best take. A more aggressive suppression would be "all interesting things are in a system header", which would allow the suppressed bug report to temporarily leave the system header between interesting events.
Sounds nice. @bruntib, would this be sufficient for the user's request? Are we sure that the actual request makes sense in light of the analyzer's viewpoint?
(if we agree to do this, the next obvious experiment would be to cut out the beginning of the path from the report we *do* emit - i.e., everything until our first interesting stack frame)
Hi,
Thanks everyone for the investigation in this problem.
I find these suggestions reasonable, and I think this commented example is a strong beating card in our hands to convince our users that paths going through system headers are meaningful and important.
I'll start implementing this idea and we'll see how much it affects the results in real-world projects.
How to interpret this comment? Better would be "Report bugs in system headers only if this option is turned on.".